Overview

overview

8

Static

static

6

6aae5ee175...18.apk

android-9-x86

8

6aae5ee175...18.apk

android-13-x64

Analysis

  • max time kernel
    172s
  • max time network
    184s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    23-05-2024 10:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6aae5ee17539a3b43f9da6275027a464_JaffaCakes118.apk

  • Size

    14.1MB

  • MD5

    6aae5ee17539a3b43f9da6275027a464

  • SHA1

    aba3af5e452e2c066713590ffb385c7c66e417dd

  • SHA256

    0c459507288e3e6853327659c51c48b198e8a73a32af1e450e5205c6c3ad835e

  • SHA512

    feb62c31b851f821d1bd4c43dd2babc67597b695b96d10a428d91f3da9503c7c4fccfe894c5b1cf5f6770ffc850cdc54cfd5f20c6dfc26b62a8c749f1519269a

  • SSDEEP

    196608:U7HChNcpjHD+TLHZMK29SyyIA19VxuU9m3KiiRphPmTjGeXm1cIM1n+7d8PL:UtHmjyA19FoXiRphPmTqFc272

Score
8/10
bankerdiscoverypersistence

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
    persistence
  • Acquires the wake lock 1 IoCs
  • Checks if the internet connection is available 1 TTPs 2 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery

Processes

  • com.team108.xiaodupi
    1⤵
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    PID:4288
  • com.team108.xiaodupi:pushservice
    1⤵
    • Queries information about running processes on the device
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Acquires the wake lock
    • Checks if the internet connection is available
    PID:4362

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.team108.xiaodupi/databases/pushsdk.db-journal
    Filesize

    512B

    MD5

    b7c660849c2c8d7a9e8cb87da7c3eb51

    SHA1

    158cf86ac2fa73d0603fa03ab14580365f88d3b3

    SHA256

    77163bc525e3f2240d80ce86c1abea657eab07df1e3e1796d510e9c97aec93f8

    SHA512

    756bb78b652c4ea3fc118da246682fa39d43b06d5be156f49381b66347518f3f5e9074a82330754f616262440d7f6a161812d4289908279725d195854f2e08c2

    Download Submit

  • /data/data/com.team108.xiaodupi/databases/pushsdk.db-wal
    Filesize

    88KB

    MD5

    b429223cb4ec285c1e53fc02e435cc26

    SHA1

    4adb8aab43c1e104fb12e263c2f69780f9f53bf3

    SHA256

    7b34501572a67989016694dd8f86d5b7bd6adf93cfb9ef8025fe9588fd19698e

    SHA512

    49320b2801e7f390f19c04c2b37347477658c8504b1ed3cf3b7a84e98a41adec6460d2f7b236e9eb003ef511ecba16ae91942b5662034d0503a91e35b13347b6

    Download Submit

  • /data/data/com.team108.xiaodupi/files/.YFlurrySenderIndex.info.AnalyticsData_GVXTX9PCPX5VHNXQJN6F_195
    Filesize

    88B

    MD5

    8850f512ad7ec75fb2ab171c6cdc5253

    SHA1

    719bec9cb009fa6087e69bf8704417d695407d35

    SHA256

    9b6bedb64d8e0a432c19c0c696ebe3fae5161e7b7123836baa04fe6dff6d15e5

    SHA512

    2301c78033df2d7d27ab85e8e664571157516c16c90b390bb38354e18a0e9cdb3d462f0d98b44712e8289e16a9a007b9f4b3bcf166b0da8849e8d1cba449dd9e

    Download Submit

  • /data/data/com.team108.xiaodupi/files/.YFlurrySenderIndex.info.AnalyticsMain
    Filesize

    72B

    MD5

    558894d0b0b33cac2d532fbf39574424

    SHA1

    3310952bb05575522c438f8547bf4ffe5e930dc9

    SHA256

    b2ce69f27b9e57b0c38259310446c9abebf0b6c642160279625d4a8b1df9e413

    SHA512

    645ae9ac12144780626d79ba2ce6b70e39845c2337ed68f2564f26f77700fa40e8d6b8fa1f9e86ca529f23ca37d142af0a0be16ed524a7d2d08c1c26a6ee26ed

    Download Submit

  • /data/data/com.team108.xiaodupi/files/.yflurrydatasenderblock.1398558a-5aa5-4e52-b944-119b73175c1f
    Filesize

    32KB

    MD5

    b95438c9e3478b9c1341277c38ca9dcc

    SHA1

    cadf443f21b5804059febe56d2b9535b6e66bf9e

    SHA256

    9b94ce54938633f62454697a572bd9d7c59d750c03af857b2bcdc86c91b54477

    SHA512

    295e31970885c7292a2372b9b7b3183fe3116ca92d96122080a80920efc8bbe439a323659b1389b91a5ce732d4170d1485f1667eb8be7fc8bc3f86ffb2ace3ee

    Download Submit

  • /storage/emulated/0/Android/data/com.team108.xiaodupi/cache/journal.tmp
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit